Published: 29/08/2014 Updated: 13/02/2023

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

VMScore: 755

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Off-by-one error in the __gconv_translit_find function in gconv_trans.c in GNU C Library (aka glibc) allows context-dependent malicious users to cause a denial of service (crash) or execute arbitrary code via vectors related to the CHARSET environment variable and gconv transliteration modules.

Vulnerable Product	Search on Vulmon	Subscribe to Product
gnu glibc
debian debian linux 7.0

Certain applications could be made to crash or run programs as an administrator ...

Debian Bug report logs - #775572 glibc: CVE-2014-7817 CVE-2014-9402 Package: src:glibc; Maintainer for src:glibc is GNU Libc Maintainers <debian-glibc@listsdebianorg>; Reported by: Moritz Muehlenhoff <jmm@debianorg> Date: Sat, 17 Jan 2015 14:42:02 UTC Severity: important Tags: security Found in version glibc/219 ...

Debian Bug report logs - #681888 CVE-2012-3406: glibc formatted printing vulnerabilities Package: src:glibc; Maintainer for src:glibc is GNU Libc Maintainers <debian-glibc@listsdebianorg>; Reported by: Moritz Muehlenhoff <muehlenhoff@univentionde> Date: Fri, 13 Jul 2012 13:42:15 UTC Severity: important Tags: secur ...

Tavis Ormandy discovered a heap-based buffer overflow in the transliteration module loading code in eglibc, Debian's version of the GNU C Library As a result, an attacker who can supply a crafted destination character set argument to iconv-related character conversation functions could achieve arbitrary code execution This update removes support ...

An off-by-one heap-based buffer overflow flaw was found in glibc's internal __gconv_translit_find() function An attacker able to make an application call the iconv_open() function with a specially crafted argument could possibly use this flaw to execute arbitrary code with the privileges of that application ...

// // Full Exploit: githubcom/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/34421targz (CVE-2014-5119targz) // // // --------------------------------------------------- // CVE-2014-5119 glibc __gconv_translit_find() exploit // ------------------------ taviso & scarybeasts ----- // // Tavis Ormandy <taviso@cmpxh ...

CWE-189 http://seclists.org/fulldisclosure/2014/Aug/69 http://www.securityfocus.com/bid/68983 http://www.openwall.com/lists/oss-security/2014/08/13/5 https://sourceware.org/bugzilla/show_bug.cgi?id=17187 http://googleprojectzero.blogspot.com/2014/08/the-poisoned-nul-byte-2014-edition.html http://www.openwall.com/lists/oss-security/2014/07/14/1 https://code.google.com/p/google-security-research/issues/detail?id=96 http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00017.html https://rhn.redhat.com/errata/RHSA-2014-1110.html http://www.mandriva.com/security/advisories?name=MDVSA-2014:175 http://www-01.ibm.com/support/docview.wss?uid=swg21685604 http://www.debian.org/security/2014/dsa-3012 http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-5119 http://rhn.redhat.com/errata/RHSA-2014-1118.html http://linux.oracle.com/errata/ELSA-2015-0092.html https://security.gentoo.org/glsa/201602-02 http://www.securityfocus.com/bid/69738 http://secunia.com/advisories/61093 http://secunia.com/advisories/61074 http://secunia.com/advisories/60441 http://secunia.com/advisories/60358 http://secunia.com/advisories/60345 https://usn.ubuntu.com/2328-1/https://nvd.nist.gov https://www.exploit-db.com/exploits/34421/https://access.redhat.com/security/cve/cve-2014-5119

CVE-2014-5119

Vulnerability Summary

Vendor Advisories

Exploits

References

Vulmon Search

About

Products

Connect